feat(config-file): Add support for reading a config file (#43)

* feat(config-file): Add support for reading a config file

The config structure follows the options using JSON file format. Ex:
{
  "low": true,
  "advisories": [100, 101],
  "package-manager": "auto",
  "whitelist": ["example-package"]
}

Usage: audit-ci --settings <pathToFile.json> [extra args]

Also added config file tests for yarn and npm.

* feat(config-file): Change `--settings` to `--config`

Discussion: #43 (comment)

* feat(config-file): Add spec for config file. Fix config example.

The config example fails if copy-pasted due to JSON comments.
Instead, specify the implementation earlier and reference the example.

* feat(config-file): Fix config file name from settings to config

README.md

@@ -77,6 +77,27 @@ before_install:
 | -r   | --report          | Shows the `npm audit --json` report (default `true`)                              |
 | -a   | --advisories      | Vulnerable advisory ids to whitelist from preventing integration (default `none`) |
 | -w   | --whitelist       | Vulnerable modules to whitelist from preventing integration (default `none`)      |
+|      | --config          | Path to JSON config file                                                          |
+
+### (_Optional_) Config file specification
+
+A config file can manage auditing preferences `audit-ci`. The config file's keys match the CLI arguments.
+
+```
+{
+  // Only use one of ["low": true, "moderate": true, "high": true, "critical": true]
+  "low": <boolean>, // [Optional] defaults `false`
+  "moderate": <boolean>, // [Optional] defaults `false`
+  "high": <boolean>, // [Optional] defaults `false`
+  "critical": <boolean>, // [Optional] defaults `false`
+  "report": <boolean>, // [Optional] defaults `true`
+  "package-manager": <string>, // [Optional] defaults `"auto"`
+  "advisories": <number[]>, // [Optional] defaults `[]`
+  "whitelist": <string[]> // [Optional] defaults `[]`
+}
+```
+
+Review the examples section for an [example of config file usage](#example-config-file-and-usage).
 
 ## Examples
 
@@ -104,6 +125,23 @@ audit-ci --critical --report false
 audit-ci
 ```
 
+### Example config file and usage
+
+**audit-ci.json**
+
+```json
+{
+  "low": true,
+  "package-manager": "auto",
+  "advisories": [100, 101],
+  "whitelist": ["example1", "example2"]
+}
+```
+
+```sh
+audit-ci --config audit-ci.json
+```
+
 ## Q&A
 
 #### Why run `audit-ci` on PR builds for `Travis-CI` and not the push builds?

lib/audit-ci.js

@@ -7,6 +7,7 @@ const yargs = require('yargs');
 const fs = require('fs');
 
 const { argv } = yargs
+  .config('config')
   .options({
     l: {
       alias: 'low',

test/npm-config-file/audit-ci.json

@@ -0,0 +1,4 @@
+{
+  "low": "true",
+  "whitelist": ["open"]
+}

test/npm-config-file/package.json

@@ -0,0 +1,7 @@
+{
+  "name": "audit-ci-npm-config",
+  "description": "Test package.json with config file",
+  "dependencies": {
+    "open": "0.0.5"
+  }
+}

test/yarn-config-file/audit-ci.json

@@ -0,0 +1,4 @@
+{
+  "low": "true",
+  "advisories": [663]
+}

test/yarn-config-file/package.json

@@ -0,0 +1,7 @@
+{
+  "name": "audit-ci-yarn-config",
+  "description": "Test package.json with config file",
+  "dependencies": {
+    "open": "0.0.5"
+  }
+}

test/yarn-config-file/yarn.lock

@@ -0,0 +1,8 @@
+# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+# yarn lockfile v1
+
+
+[email protected]:
+  version "0.0.5"
+  resolved "https://registry.yarnpkg.com/open/-/open-0.0.5.tgz#42c3e18ec95466b6bf0dc42f3a2945c3f0cad8fc"
+  integrity sha1-QsPhjslUZra/DcQvOilFw/DK2Pw=